Closed Bug 1781104 Opened 2 years ago Closed 2 years ago

remove unnecessary error categorization in nsICertOverrideService

Categories

(Core :: Security: PSM, task, P1)

RESOLVED FIXED
106 Branch
Tracking Status
firefox106 --- fixed

People

(Reporter: keeler, Assigned: keeler)

Details

(Whiteboard: [psm-assigned])

Attachments

(3 files)

When adding a certificate error override, all UI flows used to go through the add certificate exception dialog, which categorizes certificate errors into trust (e.g. unknown issuer), time (e.g. expired certificate), and domain (domain mismatch) errors. Now that the certificate error page in Firefox just adds the exception without showing the extra dialog, most users will never encounter this categorization. More fundamentally, it makes little sense to operate this way - the implementation essentially pins the certificate to the origin in question, so making sure that the collected errors are in the same categories as they were before adds no security.
Removing this error categorization will simplify the error handling in SSLServerCertVerification.cpp.
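The reasoning in the description above, as an added example that is not Firefox source and not part of the original report: a simplified model of an override store that pins one certificate to one origin, with a legacy check that also compares error categories. The type names, function names, origin and fingerprint string are all hypothetical or constructed.

```cpp
// Simplified model of a certificate error override store (added example,
// not Firefox code). All names and data here are hypothetical/constructed.
#include <cstdint>
#include <iostream>
#include <map>
#include <string>

enum ErrorCategory : uint32_t { kTrust = 1, kDomain = 2, kTime = 4 };

struct Override {
  std::string certFingerprint;  // pins one exact certificate
  uint32_t categories;          // legacy only: categories seen when added
};

using OverrideStore = std::map<std::string, Override>;  // key: "host:port"

// Legacy model: the pinned certificate must match AND every error collected
// now must be in a category recorded when the exception was added.
bool legacyAllows(const OverrideStore& store, const std::string& origin,
                  const std::string& fingerprint, uint32_t collected) {
  auto it = store.find(origin);
  if (it == store.end() || it->second.certFingerprint != fingerprint) return false;
  return (collected & ~it->second.categories) == 0;
}

// Simplified model: the override applies to the pinned certificate at that
// origin, whatever errors it currently produces.
bool simplifiedAllows(const OverrideStore& store, const std::string& origin,
                      const std::string& fingerprint) {
  auto it = store.find(origin);
  return it != store.end() && it->second.certFingerprint == fingerprint;
}

OverrideStore sampleStore() {
  // Constructed data: an exception added while the only error was "trust".
  OverrideStore store;
  store["lab.example:443"] = Override{"AA:BB:CC (constructed)", kTrust};
  return store;
}

int main() {
  const OverrideStore s = sampleStore();
  const std::string fp = "AA:BB:CC (constructed)";
  // Same pinned certificate, now also expired: only the legacy check refuses.
  std::cout << legacyAllows(s, "lab.example:443", fp, kTrust | kTime) << ' '
            << simplifiedAllows(s, "lab.example:443", fp) << '\n';
  // A different certificate is refused by both checks.
  std::cout << legacyAllows(s, "lab.example:443", "DD:EE:FF (constructed)", kTrust)
            << ' ' << simplifiedAllows(s, "lab.example:443", "DD:EE:FF (constructed)") << '\n';
}
```

In this model the two checks disagree only for the already-pinned certificate; a certificate with any other fingerprint, or the same certificate at another origin, is rejected either way.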

rememberTemporaryValidityOverrideUsingFingerprint is no longer used in
nsICertOverrideService and can be removed.

Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3d4c394291dc
remove unused 'add override by fingerprint' API from nsICertOverrideService r=djackson
https://hg.mozilla.org/integration/autoland/rev/f1bc68230158
remove unnecessary bits parameter from nsICertOverrideService r=djackson,necko-reviewers,geckoview-reviewers,extension-reviewers,kershaw,calu
https://hg.mozilla.org/integration/autoland/rev/676e661538d4
replace error type booleans with error category in nsITransportSecurityInfo r=necko-reviewers,mixedpuppy,jschanck,mccr8
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 106 Branch
Regressions: 1787995